Secondary menu

You are here

Blogs

I had a chance to speak with OzVision founder and president of security Avi Lupo and CMOOR Group president Connie Moorehead recently. They wanted to talk to me about an exciting new feature being offered through the CMOOR Group at the OzVision website. Regular readers of SSN will recall the CMOOR Group from a story I wrote back in Dec. '08 on the online training offered by the CSAA forcentral station operators.
The new training modules, which are currently under development will be available for perusal here.
According to Lupo, since OzVision is an embedded part of the platforms used by many 3rd party monitoring centers, such as Guardian and Rapid Response that do video monitoring, the training modules needed to cover three areas: Sales, technical, and operations. An excerpt from the original release follows.

The first course will be focused on sales and the features and benefits of the OzVision suite of products. The second course is a technical course geared towards the installation and technical features of the product and the third course in the series will be an operations course designed around user features, operations and function of the OzVision product.
OzVision has partnered with The CMOOR Group to develop this online training series. CMOOR is widely known throughout the security industry as being the premier custom content and media development solution provider to trade associations, manufacturers, integrators and dealers. Built with the latest technology, these courses are highly interactive and engaging for the students. Each student is provided a certificate of completion at the end of the course and continuing education credits will also awarded to participating students upon successful completion of the training. Each courses is anticipated to be approximately 60 minutes in length.
To pre-order your training, contact The CMOOR Group at 502-254-1590. The course is $50 per student and volume discounts are available.

Online training is obviously pretty cool, and the fact that students will get continuing education credits is a major plus. I've received my official certificate for passing the Central Station Operators Online Training Level I and have completed the educational modules for the CSAA Advanced Operator Online Training Course... Unfortunately, true to the modus operandi I adopted in college, I've waited a little too long to start the test at the end now, and am really nervous that I might need a serious cramming session to review all the notes I took before submitting to the assessment. Good luck to all future online students.

I've written before how much I dislike projections. Mostly because they're always wrong. And especially in this economy, I'm dubious of any revenue projections. No one (well, mostly no one) saw this huge downturn coming, no one really knows how long it will last, and no one really knows which sectors will be hit for how long.
So there's that.
But here's another reason I dislike projections: They very rarely take into account anyone else's predictions.
Let's look at a couple of predictions that have been put out there this week:
1. IMS says spend on video analytics might reach $140 million by 2012.
2. Steve Hunt says spend on PSIM software will reach $3 billion to $4 billion annually by 2012.
How does that old Sesame Street song go? One of these things doesn't look like the other?
Let's take the first. IMS says $50 million was spent on analytics in 2008 (which seems reasonable to me, though I'm always skeptical of such a round number). And they think that might get to $140 million by 2012. So, that's a $90 million increase in four years. It's a CAGR of 30 percent (sick of doing math? Use this handy online CAGR calculator).
Now that's a pretty healthy growth rate. But the technology is still young, and the numbers are somewhat small, so percentages sometimes look big in those kinds of environments. For example, here's an article from the government about the geospatial industry growing at 35 percent annually, and 100 percent in the commercial subsector. Here's a nanotechnology company growing at 150 percent plus.
Mostly these sorts of predictions are wrong. I don't think anyone believes the access and surveillance market grew 37 percent annually over the last three years. But they're sometimes right. I'd certainly buy that smart phones grew 44 percent year over year from 2006 to 2008.
So, let's get to #2. Now, just the language of "$3 billion to $4 billion" gives me the willies.
But let's start with this:

A top-down estimation of the potential PSIM spending would normally take total security spending and parse it out based on certain assumptions. For example, of the, say, $50bn annual spend on security products and installation services only a portion would be spent in organizations considered candidates for PSIM solutions, like corporate facilities, airports and the like. Further percentages would be peeled away assuming the adoption lifecycle of PSIM-like technologies in those environments (long sales cycles, integrator reluctance, etc).
That sort of estimation could very reasonably find $1bn to $5bn or more of expected spending on PSIM products over the next few years. One magazine published a quote by a vendor claiming $10bn by 2012.

So, it's very reasonable that (using a fairly ambitious 6 percent overall growth rate for the industry during a brutal global recession) of the $60 billion spent on security products and installation that about nine percent of that would be PSIM software? What? Even take the $1b number. Is PSIM software going to be more than one percent of the overall industry spend?
That doesn't seem right to me.
But, moving on:

How many of those $1bn+ organizations will spend $100,000 or even a million dollars by 2012? To determine that, we interviewed end user executives in 15 more companies and described scenarios where PSIM solutions could produce value (see Table 1). For example, we described specific uses of technology to handle situations involving three or more data types in corporate, transit and government environments.
...
For every Global 3000 candidate able to spend $100,000 and more, there will likely be three or four candidates in the much more populous mid-sized corporate or government categories spending $50,000 or more, effectively doubling the total spend of the large organizations.

First, there's a big difference between a company willing to spend $100,000 and $1 million, but say every single one of the Global 3000 spends $100,000 on PSIM software (that seems pretty ambitious, right?). That's only $300 million. So then let's say there are 12,000 of those smaller companies willing to spend $50,000 each (again, pretty good market penetration, I'd say). That gets us another $600 million.
So, if the PSIM companies out there today - Intergraph, Orsus, Proximex, Lenel (do they even count?), VidSys, CNL, etc. - deploy 15,000 systems in the next four years we're talking about total spend of $900 million. Double the costs of the systems across the board. 15,000 systems for $1.8 billion.
Unless we're including the cost of all the other technology involved in a system run by PSIM software, or we're including all the installation and service, I just don't see how you get to something like $3 billion.
And nowhere in Hunt's post is what he thinks those companies' revenues are right now. Doesn't that matter? You'll see the question by John Honovich on the bottom of Hunt's post. He posits their sales at $200 million in 2008. To get to $3 billion, that would require a CAGR of 97 percent. Even if it's $500 million, we're talking a growth rate of 57 percent.
Why would it be so much faster than analytic growth? Why would we be spending $140 million on analytics and $3 billion on PSIM software. Aren't there a lot of applications where a couple analytics might make sense but a full-blown PSIM installation might not?
The real point of all this is that I just don't see how these two guys could come to these two conclusions independently of each other. They seem wildly disparate.
I guess that's why you shouldn't bother asking me for a prediction. What's the market going to be in 2012? I have no idea, really.

I've read through the 2008 annual report that UTC put out recently, and I think I've got a pretty good handle on what those layoff numbers will mean for their Fire & Security business. (And, yes, I did call and ask them what they would mean, and this is the only comment they're making: "The restructuring will affect all UTC business units to some extent, but the exact number of jobs at individual buisness units and locations has not yet been determined.")
However, these layoffs aren't that new or dramatic for UTC. It's just that most people weren't paying attention to layoffs last year when the economy hasn't yet totally nosedived.
First, here's where you can find their annual report yourself. It's one of the most detailed and well put together annual reports you'll find, I must say. I recommend downloading the pdf, as the interface online is a little slow for my taste.
Now, on to the analysis.
See, in 2008, the company announced $357 million in "net pre-tax restructuring and related charges," which the company predicted would translate to 6,300 hourly and salaried employees. So, for 2008, they were basically valuing an employee at about $56,666 (obviously, not all of that restructuring cost is laying off employees - it's also closing facilities and doing away with assets, etc., but I think you'll see it basically works for my reasoning).
UTC recorded $63 million in charges for the F&S segment, which is 17 percent of the total charges. So, if you take that 17 percent and apply it to the 6,300 jobs, you get 1,071 jobs, or, if you take $63 million and divide it by $56,666 you get 1,111 jobs. So a ballpark of 1,100 jobs lost at UTC F&S makes sense to me.
Now, for 2009, they're predicting $750 million in restructuring and 11,600 jobs eliminated. So, this year, they're theoretically valuing jobs at $64,655 each.
But what percentage of the restructuring will be attributed to UTC F&S? In 2007, the company attributed 23 percent of $166 million in restructuring to F&S, and in 2008, as I said, it was 17 percent.
So, should we average the two and go with 20 percent? Well, it might be higher than that. If you look at UTC's six business segments right now, F&S has just about the lowest operating profit margin at 8 percent. Further, while they only contribute 11 percent of the company's revenue, they make up 19 percent of its workforce. Further further, if you divide revenue by employees, each employee only creates about $150,000 in revenue at F&S, vs. an average of $260,000 for the whole company.
This is likely because F&S is the most in-the-field-oriented of the business units (I'm sort of guessing here, as Otis does a lot of installation) and maybe employs a lot of lower-wage techs across the globe.
So maybe we just take the high side of the 2007 and 2008 percentages and say 23 percent of the restructuring will affect F&S. So, 23 percent of $750 million is $172.5 million, and that divided by $64,655 is 2,668 jobs. Or 23 percent of 11,600=2668.
So, I think a ballpark of 2,500 jobs lost in F&S is fair. What percentage of that is in North America? Well, 83 percent of F&S' revenues were generated outside of the US last year, but they do a lot of business in Canada, so maybe 70 percent is outside of the U.S. and Canada, so maybe 30 percent of those job losses are in North America?
That works out to about 750 jobs. Not too dissimilar, actually, to what ADT just announced.
This is very rough, obviously. If anyone sees major holes in the reasoning, let me know.

I got a release from Xanboo recently. NationWide Digital Monitoring Co., Inc., a central-station monitoring outfit since 1979, announced March 5 it will partner with Xanboo, Inc., for its line of remote security control devices and video monitoring technology.
The partnership will immediately enable NationWideâ€™s dealer force to distribute, install or integrate Xanbooâ€™s products for new and existing customers throughout the United States.
Xanbooâ€™s remote security solutions provide an end-to-end technology platform that enables access and control of devices locally or remotely over the Internet via a mobile phone or PC. Residential and commercial subscribers can use Xanbooâ€™s systems to control and monitor devices in their home or business from anywhere in the world with a standard Internet connection.

I'm just starting to figure out what this means for their security and fire businesses, but UTC is cutting 11,600 jobs.
There are very few details in the release and the company makes everything from elevators to jet engines, so security isn't necessarily top of mind for mainstream reporters.
Considering the consolidation they've done recently with Initial and Red Hawk, however, I've got to think there will be some trimming in their installation business somewhere. Hopefully I'll have more on this in the newswire Thursday.

Thereâ€™s been quite a bit of buzz about Ciscoâ€™s doings in the industry. Any number of online ponderers have wondered openly about Ciscoâ€™s commitment level, especially considering their apparent absence from ISC West (not on the exhibitor list).
So, I called up Pete Jankowski, director of product marketing at Cisco (actually, I arranged a conversation through a PR gal, but thatâ€™s just like calling someone up in this day and age), and Ciscoâ€™s liaison to the PSIA, who handed over a great deal of work that eventually turned into PSIAâ€™s device discovery specification.
Here's our conversation (the transcribing is a little quick and dirty, so forgive any typos):
Sam: So, Pete, whyâ€™d Cisco join ONVIF, if youâ€™re already so involved in the PSIA?
Jankowski: One thing is, having the two standards is better than having multiple standards for every camera manufacturer out there. Iâ€™d like to get PSIA and ONVIF together, get their models together, maybe eventually getting one standard, getting that through SIA, and thatâ€™s eventually going to a ANSI standard. And Cisco has a lot of products that are just video, not necessarily surveillance, so we need to be able to support both PSIA and ONVIF. Weâ€™re working on a project called Medianet, an initiative to make the network much more video content friendly. Itâ€™s: recognize a camera, or an encoder, authenticate it, set up QoS for the video, set up an RSVP connection, which would change the bit rate, etc. So thatâ€™s what Cisco is working on internally, the switching and routing portion of the business, with our telepresence group, digital media signage group, Scientific Atlanta, and Linksys for home stuff. Just make it easier to deploy video and audio products, make it much easier to set up and the network a lot friendly to the video.
If you drop packets or the bit rate, the video can fall apart, so making the networ more friendly for the video is what Medianet is all about. That being said, PSIA and OINFVI are building standards based on two different types of methodology. One is SOAP, which is ONVIF, then thereâ€™s PSIA which is REST and xml based. both of them have their merits. Itâ€™s almost a religion. Some like web services, some like xml.
Sam: But theyâ€™re not mutually exclusive, right?
Jankowski: There is overlap, the idea is eventually â€“ what Iâ€™m hoping, the groups are still talking â€“ the data is all the same. If you ask for the stream for the camera, itâ€™s the same with both, an RTSP stream. The cameras are putting out the same thing, just over a different community request, but the end result is exactly the same, so eventually Iâ€™m hoping that weâ€™ll get the data models pushed together and come up with more of a unified standard, but I donâ€™t think that will happen right away. That will take a little bit of time. But either one is pretty good. Theyâ€™re both going to be very helpful for integrators and customers, anyone deploying IP cameras, third-party software vendors, they only have to write to two of these, and it will make their lives so much easier. Currently ONFIV is using WS discover to bind the devices, and PSIA is using zero config, which is bonjour, the Apple standard.
Thatâ€™s what the discoveries are being based on, and then provisioning is RESTful and SOAP. But both groups are talking, and theyâ€™re planning a meeting at the ISC West show. There will be a lot of work together. This is not betamax vs. VHS, or blu-ray vs. HD â€“ itâ€™s just a way of talking to the devices, and currently the industry doesnâ€™t have a standard, so this way there will only be two.
Sam: And so how does this work with SIA?
Jankowski: SIA has a whole data model put together, but they never really came together on the other side. Thatâ€™s one reason these other two started up. Weâ€™re also all working with SIA, so itâ€™s going to be all collaborative, hopefully. But I donâ€™t think, in my opinion, that everyone will follow the SIA data model right now. And then youâ€™ll start seeing PSIA has some initiatives around access control, video analytics, and storage, so those three initiatives that theyâ€™re starting up. And ONVIF is staring up in storage as well.
So as these initiative are put together, the plan is to make them all interoperable.
And I might be able to participate and help out. One of the things thatâ€™s lacking in a lot of the standards is network security, in my opinion, just stuff like encrypting the video, authenticating the video at the end of the network, when youâ€™re logging in, password protection, device-attach protection, those types of things, almost none of the companies do a very good job of that at all. They put an Ethernet nick on the back, and almost use it like a serial port, they donâ€™t consider the ramifications of physical network security, and we can help both of them get those network security standards in there and help them with those. So their end devices are secure end devices, thatâ€™s one of the big benefits that Cisco can offer.
Iâ€™ve been pushing that with both. Iâ€™ll be doing a presentation to both groups on Medianet.
Sam: Okay, so then I want to ask you about ISC West. Thereâ€™s a lot of buzz about why you guys arenâ€™t exhibiting. Whatâ€™s happening there?
Jankowski: That had something to do with our marketing budgets, we had our marketing budgets changed last year, and Cisco has a group that runs all their large trade shows, so they bill our business unit an extraordinary amount of money for a trade show. We couldnâ€™t do it ourselves, so we had a choice between ISC and ASIS. So they made the decision that weâ€™d do a huge splash at ASIS and do meeting rooms and seminars and speeches at ISC West, so we wonâ€™t do a booth, but we can now get around the Cisco requirement for supporting a booth.
Sam: You mean you werenâ€™t just going to do a 10x10 at ISC West, if you were going to do it, you were going to do it.
Jankowski: We could have done a 10x10, actually, but if you go to a 20x20, it has to be corporate run, and itâ€™s a huge amount of money. Even though weâ€™ve got a bunch of new products, especially around IP cameras, we figured that AISS would be a bigger show and we could do a bigger splash.
Everybody says youâ€™ve got to be crazy not to have a booth at ISC. And I think that will change later, that position, weâ€™ll be at ISC again. But thatâ€™s the reason why weâ€™re not there this year.
Sam: So, youâ€™re not thinking of pulling out of physical security altogether, as some have posited?
Jankowski: Security is on John Chambersâ€™ top list, thereâ€™s going to be a lot of focus on it, probably a lot more focus, I would expect, in the next year.

I keep coming across stories about Brink's Home Security stock. Since it's the sunniest stock news I can find, here's one of those stories.
Speaking of Brink's, I interviewed Brent Uhl yesterday. He's in charge of their commercial division and was also featured in our "20 movers and shakers under age 40" feature in 2007. Brent filled me in on what Brink's has been doing over the past year ramping up their commercial efforts. I'll be writing a story about that for the April (ISC West) issue.

National Monitoring Center held an open house at their brand new, state-of-the-art 8,000 square foot facility here on February 12. The central station serves independent alarm dealers in the Texas market and has been in operation since the summer of 2008. The new UL-listed central station is fully redundant with NMCâ€™s original 10,000 square foot Aliso Viejo, Calif. central station that opened in 2002.
More than 100 guests, representing alarm companies from Texas as well as various other states, attended the open house. The guests were given tours of the facility and had the opportunity to meet with the companyâ€™s management team.
Included below are pictures of the event. First is NMC executive vice president Woodie Andrawos with director of operations Todd Shuff and president Michael Schubert. Second is NMC management with some of the guests who attended the open house of the new central station.
Security Systems News toured the new facility on February 22, led through the rooms of glass, concrete and chrome by central station manager Stefan Rayner.
Rayner spoke at length about the design and development of the new facility and the stringent requirements for attaining UL-Listing. Visit the Monitor This blog at www.securitysystemsnews.com for an account of the visit.
â€œIâ€™ve been involved in the design of about six monitoring facilities during my 29 or so years in the contract monitoring business,â€ said Michael Schubert, NMC president in a release. â€œI believe our Texas location is the finest that Iâ€™ve been involved in because we put all of our experience as well as the latest technology into the design. With an experienced management team in place, we bring the Texas market a much needed state-of-the-art facility.â€
The central station uses the latest technology and is fully redundant with the California location, providing a high level of reliability and service to alarm companies and their customers. NMC purchased the newly constructed building and spent more than 18 months creating the most technologically advanced contract monitoring station serving the electronic security industry.
â€œThe facility and technology along with an experienced management team and comprehensively trained staff offer alarm dealers the support they need to grow their business,â€ said Woodie Andrawos, NMC executive vice president in a release. â€œWe listen to our dealers every day and this facility and the services we provide reflect what they need to be successful in a very competitive market.â€
NMC is a UL-listed and FM-approved third party monitoring central station company that provides services to independent alarm companies. NMC is a member of various professional trade associations including Texas BFAA, and North Texas BFAA. For more information, call 800-662-1711 or visit the website.

As I said in my last post on TechSec (another monster of a blog post), the standards panel that closed the conference was an important discussion for the industry. Rob Zivney, VP of sales and marketing at Hirsch, and someone whoâ€™s been active with standards efforts for SIA, BACnet, and the federal government, convened a panel with some of the leading voices in the current push for standards in the security (specifically the IP-based security) industry.
With him were Jonas Andersson, chair of the ONVIF effort being led by Axis, Bosch, and Sony; Rob Hile, chair of the PSIA, a group of companies brought together by David Bunzel after the last TechSec; Roger Roehr, head of the government vertical at Software House (so active with FIPS 201/HSPD-12/NIST activities), and the chair of the Smart Card Alliances physical security committee; and Hunter Knight, generally known as the father of SIAâ€™s standards efforts, which have resulted in the OSIPS body of increasingly ANSI-recognized standards.
For some reason, I decided to transcribe the entire conversation they had, and youâ€™ll see it below. I was going to only give you the highlights, but I found there werenâ€™t that many lowlights. Itâ€™s over 5,000 words, but itâ€™s worth reading over the lunch break or something because there are some important points made about the future of the industry and where you might want to sink some of your dollars in working with these standards efforts, and what the benefit to you might be.
Enjoy:
Rob Zivney: 2009 is a year of standards. Youâ€™re going to see a lot of new standards, where weâ€™ve been an industry without standards up until now. Weâ€™re going to see an unwanted abundance of standards, a plethora; youâ€™re going from nothing to a lot
Some of us have torn allegiances here. I personally am involved with SIA and BACnet.
And just to start things off: The private sector today has more than 600 organizations preparing standards, trade associations, SDOs, consortia; thereâ€™s no right or wrong way to do it. They all can achieve credibility in the marketplace. They will compete in some areas and they may cooperate in others
The first volley: After six years in development, BACnet just voted out of committee the first access control standard for our industry. The BACnet standard is recognized by ANSI, as well as being an ISO standard, itâ€™s downloadable this week. This is an open standard for no fees or royalties.
So, the first question for the panel: Why is your organization the best for developing standards, and what do you think of BACnet being out there first?
Jonas Andersson: The benefit of ONVIF â€“ Really there are three cornerstones: developing and standardizing on the interface level - we released the first specification in November, based on the architecture of Web services. The second cornerstone is interoperability, not only specification for standardization, but also a test specification, so weâ€™ll develop a test tool that weâ€™ll offer to all members to ensure compliance to the standard, and the web standards will provide code generation. The third cornerstone is that itâ€™s a global open organization, concentrating on processes for cooperating, the processes for conformance. The organization today consists of Axis, Bosch, Sony, Cisco, Panasonic, Samsung, and a number of other companies.
Hile: After hearing it for five years, a bunch of us just got together and decided to do something about it, to promote the interoperability of all IP-enabled security devices, not just video. We have active initiatives in CCTV, video analytics, an access control working group. Itâ€™s a bunch of industry leaders who got together; weâ€™re an open system, we came out with a specification that is open. Weâ€™ve got core members and associate members - we want to get something done. Weâ€™re tired of not having â€“ are we the best standard, no, but we have a very good specification, based on REST architecture, everything is going to the edge, seeing that with the TI chip, and REST is the best tool out there for edge-level integration. Is our specification the best?
I donâ€™t know, thatâ€™s open to industry interpretation.
Iâ€™ve got an interesting perspective on this. I came out of the DDC controls industry. Does anyone know what the original standard for DDC was? No? The original open standard for the DDC controls industry was pneumatics. It was air. Then all of a sudden everyone had their own protocol. I worked for Johnson Controls and then what later became Andover, I thought we had the best access control system because it worked with our HVAC system, but it was still proprietary. And it came down to cost, the end users were tired of the cost of all these disparate systems, and thatâ€™s exactly whatâ€™s happening in our industry, and now you look at the DDC controls industry, they have BACnet and they have Lon ware, so am I surprised to see BACnet here? No Iâ€™m not.
Itâ€™s not a stretch to see a day when every IP device, elevator control, lighting control, a smoke detector, are all geo-spatially aware that each other exists, not only to save money, but also to give us almost artificial intelligence, so we can be proactive instead of reactive.
Roger Roehr: The smart card alliance is an alliance of end users, integrators, and manufactures. Weâ€™re not a standards creating organization, weâ€™re in the enviable spot of going out and stealing other standards â€“ through our members we come up with existing standards that are already out there. There might be something thatâ€™s already written that you need, and trying to figure out which one you need, the alliance almost becomes the google of the standards. You say, â€˜Hey, I think that will fit?â€™
I think the BACnet standard is interesting and weâ€™ll be happy to steal from them.
Hunter Knight: OSIPS is a program that we started I think nine years/10 years ago, at the direction of the board of directors of SIA. They had done a lot of market studies and had end users complaining about the lack of interoperability, complaining about not being able to switch from one supplier to another. The association however, recognized the need to have an aggressive standards program, and created an open forum looking at NIST-defined systems integration, putting things together, and performance, predictable performance, metrics that you can apply to a standard for compliance. And this program was drafted and heatedly argued among the board at that time, funded, and has been a cornerstone of the SIA business plan going forward.
There was a lot or reluctance, if not intransigence, on the part of the membership to participate. There was almost no effective infrastructure to manage and provide venues. We just didnâ€™t have the talent to put a program of substance together. It took three or four years to get our sea legs, and what we did was focus on the end user community. We figured theyâ€™d come along if their customers mandated it. We worked several years to build trust, so that they didnâ€™t feel it was a sales scam, and weâ€™ve been successful in gaining that trust in the federal space. We havenâ€™t gotten tons of allegiances in the commercial space, but thatâ€™s harder to organize and quantify.
What have we done? Our task was to build a mechanism for all kinds of security technologies to talk to each other. And we had a lot of meetings, conferences, government round tables: What is it that we should be going set out to do? That round table decided they wanted to be able to talk to any other product, and to do that we need some kind of foundational level document that allows each thing to talk to each other - what does time look like? How does data look to each other? And it was hard to inventory all those requirements, so we started on several different standards and we thought weâ€™d learn enough to really define what the foundation should look like along the way, and weâ€™ve done a lot of work on a lot of standards: How identity management should be accomplished, how access control calculations should be done, what access point controllers should be done. Weâ€™ve looked at digital video - thatâ€™s one of the first standards we addressed - sensors, a lot of those different things. Today, the framework document is now an ASNI standard, the digital video interface standard is an ANSSI standard.
Zivney: I did say that BACnet was first in access control, but SIA was out with video first.
But Iâ€™ve got another question: Do standards insure interoperability
Roehr: The simple answer is no. What you have to realize is that standards are written by industry consensus, and if there isnâ€™t consensus, nothing gets written or multiple avenues get written. Look at HSPD-12: thereâ€™s two places where we see this issue come up â€“ they define both a part a and a part b, and the government just said weâ€™ll support them both, both type a and type b cards, which puts another requirement on manufactures that want to sell product to the federal government.
The second was biometrics, thereâ€™s the ANSI insights minutiae template and the pattern template, and the government said they didnâ€™t want to deal with pattern template, and that pretty much eliminated the go forward development of pattern templates for biometrics companies, and they did that through their own FIPS standard.
Andersson: Writing specifications does not ensure interoperability. It takes much more than that â€“ if youâ€™re familiar with web services, developed by the world wide web consortium, already a worldwide standard, and thatâ€™s wsdl, and thatâ€™s the full interface of the ONVIF specification, and then each manufacturer can use this for code generation, but also on the client side, you use this to automatically generate the code and automatically ensure you have interoperability â€“ furthermore, I would say thatâ€™s not even enough, itâ€™s just insuring that the interface is correct, but if you request the h.264, you have to make sure that you get that stream, so you need a test tool and a conformance process to ensure that interoperability.
Zivney: You mentioned REST earlier Rob, whatâ€™s that stand for?
Hile: REST represents â€“ you donâ€™t want me to get technical â€“ itâ€™s an architecture style thatâ€™s built around exchanging information in an open format, using tools that are readily available, and itâ€™s best for the edge integration. You donâ€™t need the skills and tools that you need for some other architecture styles out there.
Having standards does not ensure interoperability, until you have a standard thatâ€™s widely adopted, and thatâ€™s written around interoperability, itâ€™s not going to be successful.
Knight: I want to call the audienceâ€™s attention to my colleagues to the far right. They all represent very serious and intelligent and capable specialized interests, in areas that overlap, and what we have are two distinct solutions that both of them are pitching to us, and theyâ€™re both quality solutions, but what weâ€™re doing by virtue of the process is weâ€™re balkanizing the industry, ensuring the failure of standards to unify and achieve open system integration and predictable performance. It doesnâ€™t mean that what theyâ€™re doing is wrong, itâ€™s a good thing, but it speaks to the standards process in general. Theyâ€™re making great intellectual contributions, but weâ€™re doing it in a balkanized way, and so weâ€™re not getting the aggregate harmonization of these in the ASNI process that has very strict rules for consensus based development, no pay to play, public review, all those things that are fundamental to the development of standards that will actually work.
Another issue for a standard to actually work, both the consumer and the manufacturer have to be partners in the development of the standard, and this is my considered opinion. If itâ€™s just manufacturers agreeing to do something a certain way, thatâ€™s fine, but whether they can shove it down the customersâ€™ throat is kind of in doubt. You have to build a constituency behind the standard that brings everyone to the same table and they need to work on defining the use cases. But absent the motivation to utilize the standards and absent the open consensus based forum, I donâ€™t think you get standards that work. I think you get a balkanized development environment. Manufacturers will go that way, customers will go another way, and the next solution will come along and frustrate everybody and weâ€™ll wind up where access control is today.
Zivney: What are the market forces that are driving standards?
Hile: Itâ€™s all about the cost, itâ€™s about cost of ownership, cost of implementation. Itâ€™s about a system being obsolete because it wonâ€™t talk to anything else. Every tool they have is interoperable with something else, except they canâ€™t expand their camera system without going back to the original manufacturer, and thatâ€™s wrong. You might think Iâ€™m talking out of both sides of my mouth, because weâ€™re making a lot of money taking those disparate systems and making them talk, but Idâ€™ rather make my money making the customer happy with services, instead of making my money every time vendor a doesnâ€™t work with vendor b.
Zivney: The customer drove the demand for standards, but it took 10 years to get that first BACnet standard out, and this is not an easy process.
Knight: I saw an industry recognize that its customer base was angry at it, and they felt like, â€˜boy we better placate them because otherwise they might do harm to our revenues.â€™ But a more mature perspective about the value of standards is that it defines markets, makes it possible for folks outside the current market to come in and use the standards within that market. You can count on buying products in markets that are subject to open public based standards, so if youâ€™re a manufacturer of a product in this space, and participating in standards itâ€™s a good plan, because you will know what to do first, and your products can be more acceptable to people in your market, and more important, outside your market.
Iâ€™ve got an example for you: In the early to mid 80s, if you wanted to put a network in your business, it was a proprietary experience, and a network card cost $450 and the software cost three thousand dollars, and no one would talk to anyone, and it was frustrating. Today a network card costs $25 and it does everything under the sun. And now a lot of manufacturers arenâ€™t there, but the ones that are there are making a lot of money, and the business expanded for the manufacturers and the end users, and thatâ€™s why we should all be participating: faster solutions development, more competitive environment, so we get better products faster, and much more capability, and save money, yes.
Roehr: You hit the pin on the head - it is the customer at the end of the day who says, â€˜Hey, I want something thatâ€™s interoperable.â€™ After you get out of that, â€˜hey, Iâ€™m going to be a proprietary manufacturerâ€™ mode, one of the things thatâ€™s a big benefit is that you gain from the intellectual capital of everyone in the industry. You donâ€™t just have this myopic view of your world from where you sit, or what you learned at maybe one trade show a year. Youâ€™re actively engaged with your colleagues and your customers, and if you donâ€™t do that, youâ€™re going to fail. You find out and get the consensus of everyoneâ€™s good ideas. Iâ€™ve certainly come from a lot of standards meetings thinking one thing and leaving thinking another.
Question from the audience: Have we looked around the world at what other countries and groups are doing?
Andersson: There are certainly standardization organizations doing work around the world, BACnet, SIA; you see organizations like Senelec in Europe that are on the same pace right now, not only with video but with other devices as well. We are also involved with organizations like JAFA in Japan, really trying to get a global overview, get these efforts aligned.
Zivney: Are we reaching out to the globe with these efforts or just an American base? Hunter?
Knight: Iâ€™ve been to China, for SIA, Iâ€™ve been to Brazil. We have other staff members whoâ€™ve been to other countries working with local industry associations around the world. We all look at everyone elseâ€™s technical standards as they are available. But the problem is more fundamental. The existence of standards in Europe vis a vis different standards in the U.S. creates market opportunities and difficulties, for each of the parties. And there are lots of politics. ANSI is the US representative to ISO. ANSI is therefore the top dog for standards in the United States, and when you look at the position of the United States vis a vis Europe, and the development of the protection of markets. For example in Europe they might want to develop a standard that freezes U.S. products out and at the same time eases European products into the U.S., so thereâ€™s all this internecine warfare going on out there.
You canâ€™t just hope that you get good standards. Itâ€™s a very tough problem. If you think itâ€™s hard to develop a standard in the U.S., try developing one worldwide.
Zivney: So, is SIA trying to develop a global standard or a US standard?
Knight: All SIA standards are right now ANSI standards, because that has to be our first step, but theyâ€™re all formatted and tagged to go to ISO; our focus is to have all ISO standards over time. But I canâ€™t minimize the challenges. The way to make it better is to get more of you folks to come up to DC and participate and give your opinions.
Roehr: Most of the standards I deal with are developed internationally, and weâ€™re starting to leverage them here in the United States, theyâ€™re either German or French and have been moved up through the ISO process and are being used in the United States.
Hile: Weâ€™ve talked to Senelec and the British Security Industry Association. Our philosophy is pretty simple. Weâ€™re not a SDO. Weâ€™d like to develop a specification and weâ€™d like SIA to take that specification and run it through its process and make sure it is an international standard.
Zivney: How do companies realize a return on investment for participating in this process? Can the new small guys participate in standards development? In many cases they donâ€™t have the money or the bandwidth to participate in these things. So, can the little guys participate with your groups and do you charge for participation?
Hile: Itâ€™s my personal opinion that the smaller manufactures stand the most to gain from interoperability. Most of the VMS players have already integrated with a lot of the big players, so the small guys are standing there looking at a brick wall, and they have no way of working with these VMS players unless they sell a lot of cameras and then can leverage the fact that they want a gateway or an API to their system. So, yeah, the little guys can participate and I think thereâ€™s tremendous return on investment for them.
The larger players, their return on investment is that they better do something or theyâ€™re going to get run over. Thatâ€™s probably not the best thing for the industry, but maybe it is, to get us out of the proprietary system that weâ€™re in.
As far as pay to play, we are open, we do have core memberships that are fee-based, based on SIA and what some of the other organizations do. But our specification is out, you can go to the internet and register for it. Itâ€™s an open comment specification. We want industry influence on the specification and we take that very seriously.
Zivney: Itâ€™s not unusual for standards development activities to have a cost associated with it, and therefore a fee associated with it, so I didnâ€™t mean that to be a negative. Jonas?
Andersson: In my opinion, companies can actually calculate how advantageous it will actually be to engage in a standard organization. If you look at the manufacturers of video devices, access control devices, for example, thereâ€™s a cost in developing the interface, but also a certain cost in ensuring that the interface is correct and testing and so on. But you can actually calculate how much that would cost and how much you would gain by joining a standard organization, or standardization effort in general, to actually reduce your development and testing costs.
Zivney: Can you clarify whether ONVIF includes a testing body to go along with it?
Andersson: Iâ€™ll get back to that. But Iâ€™d like to begin on the other thing first. Specifically if you look at VMS manufacturers, who have to develop support for hundreds of video interfaces today and test them, they can reduce that cost quite a lot. Even a small company will gain a lot by influencing standardization and reducing their development costs.
To get back to the test body, ONVIF will provide a conformance process, and the test tools to ensure that the manufactures have the quality interface.
Zivney: Does ONVIF charge?
Andersson: To join ONVIF itâ€™s from $1000 to get a hold of all of this, but just as Rob mentioned, the specification is of course available freely on the Internet. But to get all of these test specifications, the test tools and process, itâ€™s $1000 per year, and then there are higher levels to be more involved.
Zivney: Hunter, does SIA charge?
Knight: SIA makes no charge for participating in its standards program. You donâ€™t even have to be a member. You have to pay your own expenses. In any particular standards program you might have four meetings a year, two days, probably spend $1000 in meeting expenses, so youâ€™ve got some meeting expenses, and a critical person may or may not be missing from the group.
One of the things you asked Rob, was what about small companies. In 11 years of doing this, what I find is the greatest contributors, the most effective contributors, come from small companies, and they end up having an enormous influence on the evolution of standards, and why is that? Because they donâ€™t send a junior person, they send a CEO or provisionary for the organization to the meeting, and that brings in a wealth of talent that we donâ€™t normally see when a big company leads a charge of following chickens, or a couple big companies lead a group to go build some standards. It tends to be the big guys set the pace, and the rest of the guys chug along and just hang on.
At SIA, we find the small organizations have the greatest influence and the greatest contribution, and the voting process, because itâ€™s ANSI, is such that a big company canâ€™t overpower a little company, five big companies canâ€™t overpower five little companies, so itâ€™s a really democratic process, and itâ€™s fun to watch how ideas change and get manipulated because of the brilliance of some of the contributors.
Zivney: Iâ€™m going to ask a question. So, Jonas and Rob Hile can come to a SIA meeting, come participate on day one, without having to pre-register and pay money? And Iâ€™ll ask it the other way around, can Hunter show up at one of your meetings and participate without having to pre-register or pay money?
Knight: You can come, you just need to let us know so we can buy lunch for you. We tend to work a lot. Thereâ€™s no charge, you can come and participate. You get on the mailing list. You donâ€™t even need to come, just say youâ€™re interested and youâ€™ll get all the evolutionary documents and participate. But itâ€™s a thrilling process if you get in there and participate.
Zivney: How does it work the other way around?
Andersson: Well, at ONVIF, you have to be a member, but like Hunter talked about, we do have democracy. Itâ€™s one vote for one company, so itâ€™s important to get that democracy in there in these organizations so small companies can cooperate with the larger in developing these standards.
And you mentioned earlier that itâ€™s important for small companies to join and influence, and I agree on that, but often you need some larger manufactures to really get things going and implementing the standards on the market and providing product.
Hile: These are very good points that are being made up here.
To be a voting member of the PSIA you do have to join and there is a fee associated with that. We try to take a little simpler approach by putting our specification on the Internet so you donâ€™t have to travel to DC four times a year to get input into our specification. You donâ€™t have to travel. Iâ€™ll also add that our organization just got off the ground, and weâ€™ve been getting beat up because weâ€™ve had some closed meetings, and a lot of people are a little, â€˜what the heckâ€™s going on with this PSIA group and whatâ€™s been going on?â€™ Really, that just came down to financials. We didnâ€™t have enough money to rent a room. So we just basically begged, borrowed, and stole to get a small room so we could have core group meetings to get this thing off the ground.
However, we are a little more organized now, weâ€™ve got some cash, and we are going to have an open meeting at ISC West. All of my friends here can come, everybody out there can come, and weâ€™ll tell everybody whatâ€™s going on.
Zivney: Roger, youâ€™re involved in a lot of committee activity, who do you see mostly involved? Large guys, small guys?
Roehr: Most of the guys I see are large guys, just because of the travel expenses, and that. I do think itâ€™s a value for an organization no matter what size it is. To reiterate, the Smart Card Alliance is not an SDO, the product we primarily put out is a white paper. We are an alliance, we do run off of membership, so it is a corporate membership, and then any employee of that corporation can attend any of the council calls. We do not in general have in-person meetings; we generally do white paper development through conference calls and WebXs.
Zivney: And typically your white papers might even talk about how to use the standards of another body, right?
Roehr: Yes, quite often it is about how to use the standard of another body. Or, in the case of the one weâ€™re working on right now, weâ€™re recommending to NIST that they use the standard of another body for their program.
Knight: One comment. I should point out that SIA doesnâ€™t always have face to face meetings, but since most of our technical design work is done around a conference table, I think weâ€™ve found that weâ€™re more efficient and get better work done in person. However, we do do the WebX, we do do the conference calls, we do circulate documents for comment. I donâ€™t want to make you think itâ€™s only face to face, but I really think you get the most effective work with a couple of days of face to face meetings.
Zivney: I promised Iâ€™d get to a question in the back here.
Question: (Paraphrasing, because itâ€™s mostly inaudible) How does a software company like us, which is small and just getting started in the industry, possibly participate in all of these organizations, and how are we supposed to compare the different organizations and try to get an opinion on which might be the best to work with?
Zivney: And Iâ€™d like to add to that question: Do you all have Web sites that make it easy to compare between each other, and if not what do you do?
Hile: Definitely a web site, PSIalliance.org. What weâ€™ve tried to do is we didnâ€™t want to reinvent the wheel. Weâ€™re not an SDO. We really just wanted to take some grassroots, come up with some interoperable specifications for the industry. We reached out to SIA, we reached out to ONVIF. Thereâ€™s some emails going around today, actually, to maybe try to merge the 2.0 specification. Itâ€™s not going to do us any good to all get up here and beat the crap out of each other. Itâ€™s not going to do the industry any good. Itâ€™s not going to do our customers any good. We all realize our customers are demanding standards. So I think youâ€™ll see a lot more cooperation.
Zivney: I think you might be able to say for TechSec, that this was the first time that the standards bodies came together in one group and actually started talking about some of that cooperation.
Knight: I actually have to take some exception to some of that. As an ANSI SDO, weâ€™re subject to some very rigorous rules, or otherwise weâ€™ll lose our charter. Weâ€™re not a pass-through organization. Thereâ€™s a very rigorous set of rules that we need to follow. Which are good rules. Open, public, consensus-based standards development. I look forward to a time when ONFIV and PSIA will make some technical submissions to SIA for consideration, we also do calls for comment.
I should point out thereâ€™s some news, itâ€™s not out there but itâ€™s new. Thereâ€™s actually some nitty little details that get blown out of proportion and theyâ€™re called bindings. And the group working on bindings has made some tactical changes about how itâ€™s been done, and weâ€™ve identified a binding call SOAP, a binding called SIP â€“ sounds kind of weird, like a beer commercial maybe â€“ and then a pair of bindings called RTP and RTSP, thatâ€™s for video, the one in the middle is for audio, and the first one is for non-streaming data. And theyâ€™re probably going to be the initial industry standards for bindings, setting up the communication path. Thereâ€™ll be a press release next week or something, but I can say that. I happen to be the chair of the committee that did that.
Thereâ€™s going to be some work to validate these initial selections, and the follow on with a bunch of calls for comment. But we canâ€™t just take a PSIA standard and they say, â€˜hey, here, pass this on to ANSI.â€™ It has to go into project and it has to go through the mill.
Iâ€™m sympathetic to people who have multiple products, and who have to participate in a lot of these things. Last year I spent $42,000 attending these meetings. So I understand the cost. But what I will tell you is that if you want to position your company at the front of the line for being able to reach out and get into other spaces and get into new markets, then youâ€™re foolish if you donâ€™t get in and participate in an open standards process.
Zivney: Iâ€™m going to take one more question here, and Iâ€™ll ask the panelists to answer it in writing and ask the panelists to submit it to the publications. What if you guys are all successful, can our industry comply with all of the standards? Are we looking at a new kind of crisis? We go from zero standards to too many to possibly comply with? What do we do?
Knight: I can tell you what the federal government is going to do. Public law Number 4, which is an amendment to some other thing, creates a requirement on the part of the federal government, using federal money, that they must go out and buy things using consensus-based open standards, as a basis for the acquisition of products. By the way this is one of the reasons we focused on them early in trying to build a consensus.
Therefore SIA made the decision to work only on ANSI standards, because those standards would have the force of law, in some sense, for the federal acquisitions of products. Now I donâ€™t think thatâ€™s going to be a day or night thing, I think it will be gradual. But thatâ€™s there, so anybody in the federal government that wants to go out and buy something that doesnâ€™t conform to those standards is going to find that their boss has to go to the secretary of commerce and explain why he didnâ€™t follow the rules. Thatâ€™s an annual requirement in the federal government.
How effective that will be? Itâ€™s been effective in other industries, but weâ€™ll see. Because those standards are now coming out of SIA, and we did that because it creates value for our members, because the work that they did on standards has a better defined pay off. thereâ€™s a big market segment thatâ€™s out there thatâ€™s going to create value.
Roehr: As a smart card alliance, weâ€™re not an SDO, so what we see is that standards are out there, and if you have a wide variety of standards, it does allow you to choose the standard that will work for your implementation. I talked a little bit about what the federal government did with their PIV effort, and they accepted multiple standards and encompassed more than one and then chose a path in some other places. I think at the end of the day, the good thing about standards is that itâ€™s a consensus of a lot of smart people, and thereâ€™s a lot of thought that goes into that, and itâ€™s not something thatâ€™s just someoneâ€™s off the cuff thought. You have a pretty good chance of getting something that gets you down the road to interoperability, and has some pretty good thought behind it as to how to implement your solution.
Andersson: I donâ€™t think you should exaggerate that youâ€™ll get several standards. Itâ€™s just as Rob said earlier, thereâ€™s been a lot of communication between organizations here, between SIA, and ONVIF, and PSIA, and as Hunter mentioned earlier, you need to formalize this specification, as it should rightfully be called, into a more formalized standard before you can start using them. And this is quite early days for standards, even though thereâ€™s been quite a lot of work being done by SIA for a long time, and getting all the companies involved, and now thereâ€™s more and more discussion between organizations and weâ€™ll wait and see if there are several standards.
Hile: No, I agree. Itâ€™s interesting. I keep hearing this over and over again, and, Rob, I think itâ€™s just an excuse: â€˜Oh, my God, weâ€™ve got all these specifications and standards now!â€™ We had none. We had none a couple years ago. And now weâ€™ve got four people sitting up here, four groups that are passionate about standards. Okay, so we get our specification approved, and itâ€™s based on REST for its architecture. And you (turning toward Jonas) get your specification published and itâ€™s based on web services. We have another one thatâ€™s based on SOAP. Okay, weâ€™ve got three! Iâ€™m damned excited about that! I had none!
When you look at all of those specifications and architecture styles, you can specifically see those architecture styles. If youâ€™re doing host-level integration between two disparate computer networks, SOAP might be the best choice. If Iâ€™m doing edge-level integration, I might want to use web services or REST. So youâ€™re going to have a lot of tools. Donâ€™t get wrapped up in if you have a lot of standards itâ€™s a bad thing. A lot of industries thereâ€™s two or three, and you use those tools when you get to specific integration challenges. And as an integrator Iâ€™m really, really happy about that. And I think the manufacturers will be, too, because theyâ€™ll have choices, theyâ€™ll be able to take their features and benefits of their system and theyâ€™ll be able to design it around an architecture style that fits their features and benefits best.
Roehr: I think the marketâ€™s going to drive it at the end. If you look at the IT community, thereâ€™s 802.3 and 802.5, token ring and Ethernet, youâ€™d be really challenged to see anyone using 802.5. The market said, â€˜hey, we like this standard better than that.â€™ Multiple standards can be out there, but the marketâ€™s going to decide.
Zivney: I think the lesson here is, if you are a manufacturer or an end user making a selection, a specifier, one thing that comes across with all the buzzwords and acronyms, the numbers, youâ€™ve got to do your homework on these things. Youâ€™ve got to understand what these standards bodies are building on and the new ones theyâ€™re introducing, and itâ€™s all part of the IT progress of the IP technology that weâ€™re basing our industry and products on.
So, Iâ€™ll end this with an old saying, which you can see here, â€œThe nice thing about standards is that there are so many to choose from.â€
Thank you all for coming.

I was emailing with Dice Corporation business development EA Melissa Roedel recently, and she was all excited about a new branding initiative Dice is ready to throw into high gear. Dice, a provider of security industry dispatch software, in February unveiled its newest offering, Quantum Operator, a software system designed using advanced human-like voice technologies to make calls on alarms. The system can handle 12 to 100 calls at a time, depending on how it is configured, and can allow human operators to concentrate on higher-level alarms.
Dice president Mike Simpson said Quantum Operator is just one of more than 75 upcoming Dice products and services that will bear the Quantum branding.
New York, N.Y.-based Statewide Monitoring recently installed Quantum Operator, and company president Steven Coppola said he has been pleased with the results.
Simpson claimed the next few releases of the product may include such services as Collection Calls, Service Appointment Notification, Installation Quality Inspections, Sales Appointment Reminders, and Sales Presentation Calls.
Stay tuned for updates as they become available.